Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / October 2005

Tip: Looking for answers? Try searching our database.

Questions creating new database role

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
H Lee - 13 Oct 2005 22:09 GMT
When I execute the following for a fixed database role:

EXEC sp_dbfixedrolepermission 'db_denydatawriter'

the resultset is as follows:

db_denydatawriter No DELETE permission on any object
db_denydatawriter No INSERT permission on any object
db_denydatawriter No UPDATE permission on any object

Similarly, I'd like to create a database role that allows SELECT, INSERT,
and UPDATE, but prevents DELETE permission, on any object in a database.

From my interpretation of BOL, it appears that I can't use GRANT or DENY to
apply globally within a database ("on any object"), but I'm required to
specify the individual object I wish to carry out a GRANT or DENY.

Currently, the catch is that I need to create this in a newly created
database that currently contains no database objects at all, and that I'd
like the custom db role that I'm creating to be automatically applied to any
objects created in the future.

Is there a way to create or to customize a database role, with global
attributes on everything in a database?

Thanks in advance for your help.

- H -
Reply to this Message
Jasper Smith - 14 Oct 2005 20:13 GMT
No really in SQL2000. In SQL2005 you will be able to do this. For SQL2000
you are limited to creating a job that polls the database for new objects
and assigns the relavent permissions but the more imortant questions are
1) Why does this role need explicit permissions on tables?
2) How do objects just "appear" in the database ?

If changes are managed through a change control process then you can make
sure that scripts supplied to create new objects contain the necessary grant
statements however I'd again question why this role needs direct table
access.

Signature

HTH

Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org

> When I execute the following for a fixed database role:
>
[quoted text clipped - 24 lines]
>
> - H -
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.